Daniel Jacobowitz <dan@debian.org> writes:
> If you enforce longer passwords than people are comfortable with, you
> get weaker passwords (or poor password management practices). It's
> the humans that matter, not the machines.
Exactly.
If the system is excessively anal about what passwords it will let you
use, people will just start writing them down...
[One system I like is the password strength meter that you get when
signing up for a gmail account, updated with every keystroke when
entering a password. I don't recall whether it actually enforced
anything, but I think when the user can see what's happening and very
easily make incremental modifications, the results would tend to be
better.]
-miles
--
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread.